CVE-2022-31629 PoC — PHP 安全漏洞

Source

https://github.com/silnex/CVE-2022-31629-poc

Associated Vulnerability

Title:PHP 安全漏洞 (CVE-2022-31629)
Description:PHP是一种在服务器端执行的脚本语言。 PHP 7.4.31之前版本、8.0.24之前版本和8.1.11之前版本存在安全漏洞，攻击者利用该漏洞可以能够在受害者的浏览器中设置一个标准的不安全 cookie。

Description

CVE-2022-31629 POC

Readme

# CVE-2022-31629 poc

## [PHP Bug report](https://bugs.php.net/bug.php?id=81727)

## How to test

### Install

```shell
git clone https://github.com/SilNex/CVE-2022-31629-poc
cd ./CVE-2022-31629-poc
docker-compose up -d
```

### TEST

`https://localhost:8110` : v8.1.10  
`https://localhost:8111` : v8.1.11

### Chrome HSTS issue

`thisisunsafe` 를 hsts페이지에서 입력하면됩니다.

Typing `thisisunsafe` on hsts error page.

File Snapshot


 [4.0K]  /data/pocs/7a510124a796db4771c008fcc235fe880871b797
├── [4.0K]  8110
│   └── [  95]  dockerfile
├── [4.0K]  8111
│   └── [  95]  dockerfile
├── [ 355]  docker-compose.yml
├── [1.4K]  index.php
├── [4.0K]  nginx
│   ├── [ 497]  default.conf
│   └── [ 389]  dockerfile
├── [ 435]  README.md
└── [  73]  reset.php

3 directories, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!